Skip to main content

Another zero-day exploits Adobe and runs wild masquerading as a PDF

adobe reader
Image used with permission by copyright holder

If you don’t know the sender, don’t open up the attached PDF. The warning applies to Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1 according to security firm FireEye, which first discovered the PDF zero-day exploit running rampant.

What happens is that the exploit, according to the hacker who discovered it, “drops two DLLs.” A DLL is a type of Microsoft file format called a Dynamic-link library. If you’ve visited a malicious website and had a DLL dropped into your computer without realizing what happened, the “fake” DLL with the same name as an existing DLL file can trick Windows to run in the background and wreak havoc.

adobe pdf zero day
Image used with permission by copyright holder

With this hack in particular, FireEye explains how the DLL takes advantage of you – note that the exploit affects Windows, Mac, and Linux. “The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”

The security company adds that Adobe’s security team has been notified of the exploit’s existence, which Adobe later confirmed:

“Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers.”

Since Adobe has yet to publish an update on its PDF’s vulnerability, it looks like the exploit could very well still be active at the time of this writing.

This is Adobe’s third zero-day that comes on the heels of two Flash-based zero-day vulnerabilities, which tricked victims into opening up attachments that impersonated Microsoft Word documents when in fact these attachments opened up malicious flash content. Adobe quickly patched these two vulnerabilities on Monday.

Editors' Recommendations

Francis Bea
Former Digital Trends Contributor
Francis got his first taste of the tech industry in a failed attempt at a startup during his time as a student at the…
The 5 best websites like Craigslist in 2024

For years, Craigslist has been the go-to website for scoring a free sofa or finding an apartment. But there are plenty of other alternatives to Craigslist that do an equally fine job, oftentimes with a more attractive interface and fewer spam postings. The 5 best Craigslist alternatives are:

Facebook Marketplace
OfferUp
Locanto
Mercari
Recycler

Read more
How to stop spam emails in Outlook, Gmail, and more
A person sitting on the grass and taking notes at a laptop.

Spam and other unwanted emails are a nuisance, and it can seem like keeping them away from your inbox is a losing battle. But while you won't be able to prevent every piece of spam from landing in your inbox, it is possible to significantly reduce the number of messages that show up.

In this guide, we'll show you how to use filters, blocking, and spam reporting features to help stop spam from invading your inbox. We'll also go over a few more tips on how to reduce unwanted messages overall.
How to stop spam in Gmail
If you use Gmail, the most popular email client, you will eventually start getting spam. Here are our two favorite ways to deal with it.
Block spam in Gmail

Read more
How to add a signature in Gmail on desktop and mobile
how to file for stimulus

Email signatures are a great way to automatically include your contact information to your email correspondence. If you'd like to add a signature to your emails in Gmail, it's easy enough to add one. You'll just need to go through your Gmail settings to do it.

In this guide, we'll show you how to add a signature in Gmail whether you're using the desktop website version of Gmail or its mobile app.
How to add a signature on your desktop
Step 1: Launch your favorite browser and log into your Gmail account as you normally would.

Read more